SIP Security in IP Telephony
|
|
- Briana Singleton
- 8 years ago
- Views:
Transcription
1 SIP Security in IP Telephony Muhammad Yeasir Arafat and M. Abdus Sobhan School of Engineering and Computer Science Independent University, Bangladesh Abstract Today the session initiation protocol (SIP) is the predominant protocol for IP Telephony Signaling. The intention of this paper is to present an overview of IP Telephony security issues - both current and future focusing on SIP. We start by presenting some fundamental differences between IP Telephony and the public switched telephone network (PSTN). We then look at specific problems for SIP signaling that arise from these differences. We summarize current activities regarding SIP security, including recent developments in the research community and standardization efforts within the IETF. Finally, the paper gives an outlook on the security issues of IP Telephony. Keywords IP Telephony, Voice over Internet Protocol (VoIP), Session Initiation Protocol (SIP), PSTN, ISP. I. INTRODUCTION This document is a template. An electronic copy can be downloaded from the conference website. For questions on paper guidelines, please contact the conference publications committee as indicated on the conference website. Information about final paper submission is available from the conference website. II. DIFFERENCES BETWEEN IP TELEPHONY AND THE PSTN IP Telephony as it is used today has some fundamental differences compared to speech transmission in the Public Switched Telephone Network (PSTN): In the PSTN, signaling is done in a separate and closed network. With IP Telephony, signaling is done in an open, highly insecure network (e.g. the Internet). Traditional telephones are simple devices with limited functionality. IP Telephony terminals, on the other hand, are complex devices with their own TCP/IP stack. IP Telephony offers mobility: users can change their location and still use the same identity in the network. A IP Telephony -user only needs access to the Internet. By contrast, in the PSTN there is no mobility. Because there is no mobility in the PSTN, authentication is not necessary. Anybody who has physical access to a socket in the wall can use that line. As IP Telephony can be used from anywhere in the Internet, additional authentication must be utilized. III. SIGNALLING WITH SIP The Session Initiation Protocol (SIP) is an Internet Engineering Task Force (IETF) standard designed for initiating, maintaining and terminating interactive communication sessions between users. These sessions may include voice, video, instant messaging, interactive games, and virtual reality. The Session Initiation Protocol (SIP) was specified by the IETF as a standard for signalling and control in multimedia communications over IP [1]. SDP, the Session Description Protocol, is used to select parameters (such as the codec and media type) for the transmission. After a session has been established with SIP, the actual media transfer is transmitted with the Real-time Transport Protocol (RTP). Because SIP is used to set up a session, any secure communication that can be established in a SIP session can further be used to negotiate secrets for a secure RTP stream. Therefore, SIP security is of high importance for IP Telephony security. SIP is a client-server protocol which resembles HTTP. Signaling is based on text messages: A message consists of a header and an optional body. Messages are either requests or responses. If a SIP entity receives a request, it performs the corresponding action and sends back a response to the originator of the request. Responses are threedigit status codes. Table 1 list SIP requests; table 2 lists classes for SIP response codes. SIP Request INVITE BYE ACK OPTIONS CANCEL REGISTER TABLE I SIP REQUESTS Description Initiates a call signalling sequence Terminates a session Acknowledge Queries a server about its capabilities Used to cancel a request in progress Used to register location information at a registrar 40
2 TABLE II SIP RESPONSE CODES SIP Response Codes 1xx informational 2xx ok 3xx redirection 4xx client error 5xx server error 6xx global failure Addressing in SIP is done with Uniform resource Identifiers (URIs). A SIP-URI is similar to an e- mail address and generally of the type sip:user@domain. SIP designates different (logical) entities: user agent, proxy, registrar, redirect server, and location server. A User agent is a terminal participating in SIP communications (this can be hardware or software). A proxy receives messages and forwards them to another SIP entity. A redirect server redirects the sender of the message to another SIP entity instead of forwarding the message. Users can register their current location (i.e. IP-address) with the registrar of their domain. This enables mobility: A location server is used by a registrar to store the location of users (the binding of a SIP-URI with a current IPaddress). The location server provides a directory for other SIP entities to look up the current location for a given SIP-URI. Example: Setting up a Simple Voice Connection with SIP registrar (1) to be able to receive calls. The registrar stores the location information at a location server (2). When user agent A wants to call user agent B, it sends an INVITE-request to its local SIP-proxy (3) which passes on the request (possibly after a DNS lookup) to the proxy of user B s domain (4). The proxy in domain B needs lo look up the IP-address of user agent B at the location server (5, 6) before it can send the request to user agent B (7). The response message for user agent A can take the same route back (8, 9, 10). (A) SIP Security Mechanisms The SIP standard, as specified in RFC 3261 [1], includes several security mechanisms: S/MIME: Because SIP is using MIME for message bodies, S/MIME can be used to send authenticated and encrypted messages between user agents. Digest Authentication: SIP entities sharing a secret (e.g. a password) can authenticate each other with a challenge-response mechanism. To Prevent replay attacks; this challengeresponse authentication includes nonces. TLS & IPSec: Hop-by-hop security for SIP signaling can be achieved either on the transport layer (TLS) or on the network layer (IP sec). In theory, these security mechanisms can make SIP signaling secure. However, they require a pre-call trust relationship or rely on a trust infrastructure (like a public key infrastructure), which all users can use and with one root that all users trust. IV. SIP OPERATION Fig.1 Setting a Phone Call with SIP The establishment of a voice connection between two users is illustrated in Figure_1. In this example, user agent A and B are in different domains and have different proxies. First, the caller (user agent B) needs to register with its local To establish a call, the INVITE request is the most fundamental and important SIP request. The following example of a SIP message exchange between two users, and , shows the basic functions of SIP. Hope it will facilitate the understanding of the procedure of services offered by SIP. In this example, who resides in the domain, wants to call Usually they reside within the same domain, so Dan may use a soft phone (SIP-based) to send an INVITE for sip: @ ( s SIP URL) to a local proxy server, shown in the figure as home.com Proxy Server. 41
3 The INVITE request contains a number of header fields and it might look like this: Origina tor TABLE 3 SIP INVITE REQUEST Switch Term inato r Message INVITE sip: @ 100 Trying INVITE sip: @ Trying ACK sip: @ OK 200 OK ACK sip: @ BYE sip: @ BYE sip: @ : OK 200 OK For INVITE sip: @ details message is look like this: INVITE sip: @ c9d d8754z-;rport Contact: <sip: @ :6256> <sip: @> " "<sip: @>;t ag=015ccc4a Call-ID: BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO Content-Type: application/sdp Supported: replaces User-Agent: PortGo v6.8, Build Content-Length: 474 v=0 o= IN IP s= c=in IP t=0 0 m=audio RTP/AVP a=rtpmap:8 PCMA/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:3 GSM/8000 a=rtpmap:121 G7221/100 a=rtpmap:100 SPEEX/100 a=rtpmap:9 G722/8000 a=rtpmap:97 ilbc/8000 a=rtpmap:101 telephone-event/8000 a=fmtp: a=ptime:20 m=video RTP/AVP 34 a=rtpmap:34 H263/90000 a=fmtp:34 CIF=1 QCIF=1 For SIP 100 Trying 100 Trying c9d d8754z- ;received=.35 <sip: @>;tag=015ccc4a <sip: @> 42
4 Contact: For INVITE 6.20 INVITE ;branch=z9hg4bkbd5d53b00d 678 Contact: Content-Type: application/sdp Content-Length: 383 v=0 o=itelswitchplus_ IN IP4 s=sip Session c=in IP4 t=0 0 m=audio 1856 RTP/AVP a=rtpmap:8 PCMA/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:3 GSM/8000 a=rtpmap:121 G7221/100 a=rtpmap:100 SPEEX/100 a=rtpmap:9 G722/8000 a=rtpmap:97 ilbc/8000 a=rtpmap:101 telephone-event/8000 a=fmtp: For 100 Trying Trying ;branch=z9hg4bkbd5d53b00d 678;received= <sip: @>;tag=46644 <sip: @6.20> Call-ID: bddbbegekphtwe @ Server: Asterisk PBX BYE, REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces, timer Contact: <sip: @6.20> For c9d d8754z- ;received=.35 <sip: @>;tag=015ccc4a <sip: @>;tag= Contact: <sip: @> For ;branch=z9hg4bkbd5d53b00d 678;received= <sip: @>;tag=46644 <sip: @6.20>;tag=as41ebef58 Call-ID: bddbbegekphtwe @ Server: Asterisk PBX BYE, REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces, timer Contact: <sip: @6.20> For ;branch=z9hg4bkbd5d53b00d 678;received= <sip: @>;tag=
5 Call-ID: Server: Asterisk PBX BYE, REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces, timer Contact: For c9d d8754z- ;received=.35 Contact: For ACK 6.20 ACK ;branch=z9hg4bkbg8d86b00d 681 Contact: CSeq: ACK For 200 OK OK ;branch=z9hg4bkbd5d53b00d 678;received= Call-ID: Server: Asterisk PBX BYE, REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces, timer Contact: Content-Type: application/sdp Content-Length: 280 v=0 o=root IN IP s=asterisk PBX c=in IP t=0 0 m=audio RTP/AVP a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:3 GSM/8000 a=rtpmap:101 telephone-event/8000 a=fmtp: a=ptime:20 For 200 OK 200 OK c9d d8754z- ;received=.35 <sip: @>;tag=015ccc4a <sip: @>;tag= Contact: <sip: @> Content-Type: application/sdp Content-Length: 287 v=0 o=itelswitchplus_ IN IP4 s=sip Session c=in IP4 t=0 0 m=audio 1834 RTP/AVP a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:3 GSM/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:
6 a=ptime:20 For ACK ACK :6256;branch=z9hG4bK-d8754zb95fd665be79b d8754z-;rport Contact: ag=015ccc4a Call-ID: CSeq: 1 ACK User-Agent: PortGo v6.8, Build For BYE sip: @ 6.20 BYE sip: @ 6.20;branch=z9hG4bK3249e361;rport <sip: @6.20>;tag=as41ebef58 " " <sip: @>;tag=46644 Call-ID: bddbbegekphtwe @ CSeq: 102 BYE User-Agent: Asterisk PBX X-Asterisk-HangupCause: Normal Clearing X-Asterisk-HangupCauseCode: 16 For BYE sip: @ :6256 BYE sip: @ :6256 ;branch=z9hg4bk-d8754z- b95fd665be79b d8754z- <sip: @>;tag= " " <sip: @>;tag=015ccc4a CSeq: 2 BYE For 200 OK OK 6.20;branch=z9hG4bK3249e361 <sip: @6.20>;tag=as41ebef58 " " <sip: @: 50>;tag=46644 bddbbegekphtwe @ CSeq: 102 BYE For 200 OK 200 OK ;branch=z9hg4bk-d8754z- b95fd665be79b d8754z- Contact: <sip: @ :6256> " "<sip: @>;t ag=015ccc4a <sip: @>;tag= Call-ID: CSeq: 2 BYE User-Agent: PortGo v6.8, Build V. CURRENT SECURITY PROBLEMS FOR SIP SIGNALING By its very definition, VoIP uses IP networks for setting up voice communication. Thus, all threats that are well-known in IP-networks (e.g. denial-ofservice, spoofing, sniffing ) are inherited by VoIP. Furthermore, implementation vulnerabilities (e.g. buffer overflows) are likely because VoIP servers and terminals are complex IP-devices. Specific to SIP are among others - the following threats: Registration/call hijacking Impersonating a SIP-entity 45
7 Tampering with message bodies Tearing down sessions Denial of service Eavesdropping Spam Many activities exist with the goal of making IP Telephony more secure. Within the scope of this paper, it is only possible to list some important challenges and summarize current activities to mitigate these problems. For a more depletive list of threats to VoIP and SIP the reader is referred to [2], [3]. (A) Authentication One of the fundamental problems for SIP security is end-to-end authentication of communication partners in the absence of a universal trust infrastructure2. If the communication partners have a pre-call trust relationship (e.g. via ), S/MIME can be used. Hop-by-Hop solutions (e.g. TLS, IPSec) only work if there is a transitive trust path between sender and receiver of a SIP message. Unlike https, SIP messages via TLS can pass many application layer hops between sender and receiver, and some intermediary entities may not be trustworthy. The following approaches are trying to mitigate authentication problems for SIP/VoIP: ZRTP [4] is a protocol developed by Phil Zimmermann, the inventor of PGP. ZRTP enables a Diffie Hellman key exchange within an RTP stream. This key exchange is protected against man-in-the middle attacks through an authentication string. The user can verify this authentication string with the actual voice of his communication partner. Thus, ZRTP offers authentication of a known communication partner without using any trust infrastructure. RFC 3325 specifies a SIP header in which a proxy of a domain can assert the identity used in a SIP message. However, this assertion is not signed. It can be exchanged between domains that have a TLS connection. In [5], a similar SIP Identity mechanism is suggested. With this approach, a proxy can assert proper authentication of an identity from its domain and sign such an assertion. The SIP community has realized that hop-tohop security offered by TLS is insufficient for authentication in many cases. The goal of [6] is to develop a new way to establish endto-end authentication between user agents with SIP. No more than 3 levels of headings should be used. All headings must be in 10pt font. Every word in a heading must be capitalized except for short minor words as listed in Section III-B. (B) Security of Terminals & Servers Because SIP devices are complex, implementation weaknesses seem unavoidable. Vulnerabilities for SIP implementations are found frequently (e.g. [7]). The following efforts strive to make SIP implementations more secure by fostering SIP black-box testing: RFC 4475 describes various test messages that can be used to torture a SIP implementation. Many simple tools (e.g. [8]) can be used to carry out tests on SIP implementations. An advanced tool to construct sophisticated testcases for SIP is SIPp [9]. SIPp offers the definition of complex and dynamic tests for SIP implementations. (C) Spam over Internet Telephony (SPIT) Though not an issue today, it is estimated that Spam over Internet Telephony (SPIT) will become a problem in the future. First, automatic generation of SIP-based phone calls is feasible and cheap. Second, VoIP Spam will be much more intrusive than Spam is today: A phone will actually ring with each SPIT occurrence (possibly in the middle of the night). VoIP deals with real-time audio signals. Thus, the same countermeasures as for spam may not work for SPIT. (D) Lawful Interception Most countries legally allow for authorized wiretapping of telephone calls by law enforcement agencies, so called Lawful Interception. Depending on the use case and national law, Lawful Interception legislation may apply to VoIP. However, Lawful Interception for VoIP is much harder than in the PSTN due to the following technical facts: The SIP provider and the Internet Service Provider (ISP) may be different. Signaling and payload usually take a different route; traffic is only linked in terminals. The signaling and payload of the conversation may be encrypted. Thus, in order to reliably deploy Lawful Interception for VoIP it would be necessary to a) intercept all SIP traffic and b) intercept the network traffic in real-time of a provider not known prior to call-setup. Several scientists have realized the potential problems of Lawful Interception for VoIP. They have made a proposal arguing that the benefit of Lawful Interception for VoIP may be 46
8 outweighed by the negative consequences for society [10]. VI. CONCLUSION The intention of this paper has been to present an overview of important challenges and current activities on SIP security. Due to many threats, challenges, and the huge amount of work going on, we were only able to give an overview on some important aspects of SIP security. Many problems for IP Telephony security have not yet been solved satisfactorily. SIP is used to initiate IP Telephony communications. Thus, SIP security will remain an active and interesting research area in the near future. REFERENCES [1] J. Rosenberg, H. Schulzrinne et al., SIP: session initiation protocol, RFC 3261, 2002 [2] Voice over IP Security Alliance, VoIP Security and Privacy Threat Taxonomy, Public Release 1.0, Oct [3] Bundesamt für Sicherheit in der Informationstechnik, VOIPSEC Studie, tm [4] P. Zimmermann, A. Johnston, J. Callas, ZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTP, mann-avt-zrtp-01.html, internet draft, March 2006 [5] J. Peterson, C. Jennings, "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)", draft-ietf-sip-identity-06 (work in progress), October [6] V. Gurbani, F. Audet, D. Willis, The SIPSEC Uniform Resource Identifier (URI), internet draft (work in progress), June 2006 [7] Cisco Security Advisory: Multiple Vulnerabilities in Cisco IP Telephones, [8] sipsak homepage, SIP swiss army knife, [9] SIPp, [10] S. Bellovin, M. Blaze, et al., Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP, pdf [12] SIP Security, Status Quo and Future Issues, Jan Seedorf, ecurity in Distributed Systems (SVS) University of Hamburg, Dept. of Informatics, Vogt- Kölln-Str. 30, D Hamburg, [13] Arkko, J. Torvinen, V. Camarillo, G., Niemi A. and Haukka T. (2003), Security Mechanism Agreement for the Session Initiation Protocol RFC 3329 IETF [14] Cisco Systems Inc., "Overview of the Session Initiation Protocol", oice /sipsols/biggulp/bgsipov.htm#xtocid8, accessed at January, [15] IP telephony protocols, architectures and issues, Raimo Kantola (editor), Helsinki University of Technology Networking Laboratory, Teknillinen Korkeakoulu Tietoverkkolaboratorio Espoo
SIP Security Status Quo and Future Issues Jan Seedorf
SIP Security Status Quo and Future Issues Jan Seedorf Security in Distributed Systems (SVS) University of Hamburg, Dept. of Informatics Vogt-Kölln-Str. 30, D-22527 Hamburg seedorf@informatik.uni-hamburg.de
More informationSIP SECURITY. Status Quo and Future Issues. 23. Chaos Communication Congress: 27. - 30.12.2006, Berlin, Germany
SIP SECURITY Status Quo and Future Issues 23. Chaos Communication Congress: 27. - 30.12.2006, Berlin, Germany Jan Seedorf - seedorf@informatik.uni-hamburg.de SVS - Security in Distributed Systems Intention
More informationSession Initiation Protocol Security Considerations
Session Initiation Protocol Security Considerations Sami Knuutinen Helsinki University of Technology Department of Computer Science and Engineering May 28, 2003 Abstract Session Initiation Protocol (SIP)
More informationThree-Way Calling using the Conferencing-URI
Three-Way Calling using the Conferencing-URI Introduction With the deployment of VoIP users expect to have the same functionality and features that are available with a landline phone service. This document
More informationSIP Basics. CSG VoIP Workshop. Dennis Baron January 5, 2005. Dennis Baron, January 5, 2005 Page 1. np119
SIP Basics CSG VoIP Workshop Dennis Baron January 5, 2005 Page 1 Outline What is SIP SIP system components SIP messages and responses SIP call flows SDP basics/codecs SIP standards Questions and answers
More informationVoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009
VoIP some threats, security attacks and security mechanisms Lars Strand RiskNet Open Workshop Oslo, 24. June 2009 "It's appalling how much worse VoIP is compared to the PSTN. If these problems aren't fixed,
More informationMedia Gateway Controller RTP
1 Softswitch Architecture Interdomain protocols Application Server Media Gateway Controller SIP, Parlay, Jain Application specific Application Server Media Gateway Controller Signaling Gateway Sigtran
More informationSIP : Session Initiation Protocol
: Session Initiation Protocol EFORT http://www.efort.com (Session Initiation Protocol) as defined in IETF RFC 3261 is a multimedia signaling protocol used for multimedia session establishment, modification
More informationSIP: Session Initiation Protocol. Copyright 2005 2008 by Elliot Eichen. All rights reserved.
SIP: Session Initiation Protocol Signaling Protocol Review H323: ITU peer:peer protocol. ISDN (Q.931) signaling stuffed into packets. Can be TCP or UDP. H225: Q931 for call control, RAS to resolve endpoints
More informationNTP VoIP Platform: A SIP VoIP Platform and Its Services
NTP VoIP Platform: A SIP VoIP Platform and Its Services Speaker: Dr. Chai-Hien Gan National Chiao Tung University, Taiwan Email: chgan@csie.nctu.edu.tw Date: 2006/05/02 1 Outline Introduction NTP VoIP
More informationAn outline of the security threats that face SIP based VoIP and other real-time applications
A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications
More informationSIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda. andreas.steffen@zhwin.ch
ENUM-Tag am 28. September in Frankfurt SIP Security Prof. Dr. Andreas Steffen andreas.steffen@zhwin.ch Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 1 Agenda SIP The Session Initiation Protocol Securing the
More informationARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION
ARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION 10 April 2009 Gömbös Attila, Horváth Géza About SIP-to-PSTN connectivity 2 Providing a voice over IP solution that will scale to PSTN call volumes,
More informationUser authentication in SIP
User authentication in SIP Pauli Vesterinen Helsinki University of Technology pjvester@cc.hut.fi Abstract Today Voice over Internet Protocol (VoIP) is used in large scale to deliver voice and multimedia
More informationEE4607 Session Initiation Protocol
EE4607 Session Initiation Protocol Michael Barry michael.barry@ul.ie william.kent@ul.ie Outline of Lecture IP Telephony the need for SIP Session Initiation Protocol Addressing SIP Methods/Responses Functional
More informationPart II. Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University
Session Initiation Protocol oco (SIP) Part II Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University Email: acpang@csie.ntu.edu.tw
More informationTECHNICAL SUPPORT NOTE. 3-Way Call Conferencing with Broadsoft - TA900 Series
Page 1 of 6 TECHNICAL SUPPORT NOTE 3-Way Call Conferencing with Broadsoft - TA900 Series Introduction Three way calls are defined as having one active call and having the ability to add a third party into
More informationSession Initiation Protocol (SIP) 陳 懷 恩 博 士 助 理 教 授 兼 計 算 機 中 心 資 訊 網 路 組 組 長 國 立 宜 蘭 大 學 資 工 系 Email: wechen@niu.edu.tw TEL: 03-9357400 # 340
Session Initiation Protocol (SIP) 陳 懷 恩 博 士 助 理 教 授 兼 計 算 機 中 心 資 訊 網 路 組 組 長 國 立 宜 蘭 大 學 資 工 系 Email: wechen@niu.edu.tw TEL: 03-9357400 # 340 Outline Session Initiation Protocol SIP Extensions SIP Operation
More informationSIP OVER NAT. Pavel Segeč. University of Žilina, Faculty of Management Science and Informatics, Slovak Republic e-mail: Pavel.Segec@fri.uniza.
SIP OVER NAT Pavel Segeč University of Žilina, Faculty of Management Science and Informatics, Slovak Republic e-mail: Pavel.Segec@fri.uniza.sk Abstract Session Initiation Protocol is one of key IP communication
More informationHow to make free phone calls and influence people by the grugq
VoIPhreaking How to make free phone calls and influence people by the grugq Agenda Introduction VoIP Overview Security Conclusion Voice over IP (VoIP) Good News Other News Cheap phone calls Explosive growth
More informationSIP: Protocol Overview
SIP: Protocol Overview NOTICE 2001 RADVISION Ltd. All intellectual property rights in this publication are owned by RADVISION Ltd. and are protected by United States copyright laws, other applicable copyright
More informationSIP Trunking & Peering Operation Guide
SIP Trunking & Peering Operation Guide For Samsung OfficeServ May 07, 2008 doc v2.1.0 Sungwoo Lee Senior Engineer sungwoo1769.lee@samsung.com OfficeServ Network Lab. Telecommunication Systems Division
More informationRadius/LDAP authentication in open-source IP PBX
Radius/LDAP authentication in open-source IP PBX Ivan Capan, Marko Skomeršić Protenus d.o.o. Telecommunications & networking department Zrinskih i Frankopana 23, Varaždin, 42000, Croatia ivan.capan@protenus.com,
More informationVoice Over IP: Unsafe at any Bandwidth?
Voice Over IP: Unsafe at any Bandwidth? Joachim Posegga, Jan Seedorf Security in Distributed Systems (SVS) University of Hamburg, Dept of Informatics Vogt-Kölln-Str. 30, D-22527 Hamburg svs-office@informatik.uni-hamburg.de
More informationNTP VoIP Platform: A SIP VoIP Platform and Its Services 1
NTP VoIP Platform: A SIP VoIP Platform and Its Services 1 Whai-En Chen, Chai-Hien Gan and Yi-Bing Lin Department of Computer Science National Chiao Tung University 1001 Ta Hsueh Road, Hsinchu, Taiwan,
More informationAGILE SIP TRUNK IP-PBX Connection Manual (Asterisk)
AGILE SIP TRUNK IP-PBX Connection Manual (Asterisk) 1. Login to CID (Customer ID) Login https://manager.agile.ne.jp/login.php USERNAME Password 2. Go to SIP List of SIP TRUNK SIP SIP List Buy SIP Trunk
More informationSession Initiation Protocol and Services
Session Initiation Protocol and Services Harish Gokul Govindaraju School of Electrical Engineering, KTH Royal Institute of Technology, Haninge, Stockholm, Sweden Abstract This paper discusses about the
More informationVoice over IP & Other Multimedia Protocols. SIP: Session Initiation Protocol. IETF service vision. Advanced Networking
Advanced Networking Voice over IP & Other Multimedia Protocols Renato Lo Cigno SIP: Session Initiation Protocol Defined by IETF RFC 2543 (first release march 1999) many other RFCs... see IETF site and
More informationSIP Essentials Training
SIP Essentials Training 5 Day Course Lecture & Labs COURSE DESCRIPTION Learn Session Initiation Protocol and important protocols related to SIP implementations. Thoroughly study the SIP protocol through
More informationTechnical Means to Combat Spam in the VoIP Service
Section Four Technical Means to Combat Spam in the VoIP Service Spam refers in general to any unsolicited communication. Spam will also become one of the serious problems for multimedia communication in
More informationVoIP. What s Voice over IP?
VoIP What s Voice over IP? Transmission of voice using IP Analog speech digitized and transmitted as IP packets Packets transmitted on top of existing networks Voice connection is now packet switched as
More informationSession Initiation Protocol (SIP)
SIP: Session Initiation Protocol Corso di Applicazioni Telematiche A.A. 2006-07 Lezione n.7 Ing. Salvatore D Antonio Università degli Studi di Napoli Federico II Facoltà di Ingegneria Session Initiation
More informationHow To Protect Your Phone From Being Hacked By A Man In The Middle Or Remote Attacker
An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems Ruishan Zhang 1, Xinyuan Wang 1, Xiaohui Yang 1, Ryan Farley 1, and Xuxian Jiang 2 1 George Mason University, Fairfax,
More informationTransparent weaknesses in VoIP
Transparent weaknesses in VoIP Peter Thermos peter.thermos@palindrometech.com 2007 Palindrome Technologies, All Rights Reserved 1 of 56 Speaker Background Consulting Government and commercial organizations,
More informationMultimedia & Protocols in the Internet - Introduction to SIP
Information and Communication Networks Multimedia & Protocols in the Internet - Introduction to Siemens AG 2004 Bernard Hammer Siemens AG, München Presentation Outline Basics architecture Syntax Call flows
More informationSession Initiation Protocol
TECHNICAL OVERVIEW Session Initiation Protocol Author: James Wright, MSc This paper is a technical overview of the Session Initiation Protocol and is designed for IT professionals, managers, and architects
More informationVoice over IP (SIP) Milan Milinković milez@sbox.tugraz.at 30.03.2007.
Voice over IP (SIP) Milan Milinković milez@sbox.tugraz.at 30.03.2007. Intoduction (1990s) a need for standard protocol which define how computers should connect to one another so they can share media and
More informationSIP, Session Initiation Protocol used in VoIP
SIP, Session Initiation Protocol used in VoIP Page 1 of 9 Secure Computer Systems IDT658, HT2005 Karin Tybring Petra Wahlund Zhu Yunyun Table of Contents SIP, Session Initiation Protocol...1 used in VoIP...1
More informationAnalysis of SIP Traffic Behavior with NetFlow-based Statistical Information
Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information Changyong Lee, Hwankuk-Kim, Hyuncheol Jeong, Yoojae Won Korea Information Security Agency, IT Infrastructure Protection Division
More informationChapter 2 PSTN and VoIP Services Context
Chapter 2 PSTN and VoIP Services Context 2.1 SS7 and PSTN Services Context 2.1.1 PSTN Architecture During the 1990s, the telecommunication industries provided various PSTN services to the subscribers using
More informationSession Initiation Protocol (SIP) The Emerging System in IP Telephony
Session Initiation Protocol (SIP) The Emerging System in IP Telephony Introduction Session Initiation Protocol (SIP) is an application layer control protocol that can establish, modify and terminate multimedia
More informationAV@ANZA Formación en Tecnologías Avanzadas
SISTEMAS DE SEÑALIZACION SIP I & II (@-SIP1&2) Contenido 1. Why SIP? Gain an understanding of why SIP is a valuable protocol despite competing technologies like ISDN, SS7, H.323, MEGACO, SGCP, MGCP, and
More informationFor internal circulation of BSNL only
E1-E2 E2 CFA Session Initiation Protocol AGENDA Introduction to SIP Functions of SIP Components of SIP SIP Protocol Operation Basic SIP Operation Introduction to SIP SIP (Session Initiation Protocol) is
More informationSIP Session Initiation Protocol
SIP Session Initiation Protocol Laurent Réveillère Enseirb Département Télécommunications reveillere@enseirb.fr Session Initiation Protocol Raisin 2007 Overview This is a funny movie! I bet Laura would
More informationVesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany
Service Provider implementation of SIP regarding security Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany
More informationHow To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib
NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application
More informationinternet technologies and standards
Institute of Telecommunications Warsaw University of Technology 2015 internet technologies and standards Piotr Gajowniczek Andrzej Bąk Michał Jarociński multimedia in the Internet Voice-over-IP multimedia
More informationBlack Hat Briefings 2007 Las Vegas. White Paper on Vulnerabilities in Dual-mode/Wi-Fi Phones
Black Hat Briefings 2007 Las Vegas White Paper on Vulnerabilities in Dual-mode/Wi-Fi Phones Sachin Joglekar Vulnerability Research Lead Sipera VIPER Lab Table of Contents Introduction... 3 Dual-mode/Wi-Fi
More informationNAT TCP SIP ALG Support
The feature allows embedded messages of the Session Initiation Protocol (SIP) passing through a device that is configured with Network Address Translation (NAT) to be translated and encoded back to the
More information3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW
3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW SIP is an application layer protocol that is used for establishing, modifying and terminating multimedia sessions in an Internet Protocol (IP) network. SIP
More informationApplication Notes for IDT Net2Phone SIP Trunking Service with Avaya IP Office 8.1 - Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for IDT Net2Phone SIP Trunking Service with Avaya IP Office 8.1 - Issue 1.0 Abstract These Application Notes describe the procedures for configuring
More informationWhite paper. SIP An introduction
White paper An introduction Table of contents 1 Introducing 3 2 How does it work? 3 3 Inside a normal call 4 4 DTMF sending commands in sip calls 6 5 Complex environments and higher security 6 6 Summary
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationSecure Text in SIP Based VoIP
MASTER S THESIS 2005:183 CIV Secure Text in SIP Based VoIP JOHAN KULTTI MASTER OF SCIENCE PROGRAMME Computer Science Luleå University of Technology Department of Computer Science and Electrical Engineering
More informationIP Office Technical Tip
IP Office Technical Tip Tip no: 200 Release Date: January 23, 2008 Region: GLOBAL IP Office Session Initiation Protocol (SIP) Configuration Primer There are many Internet Telephony Service Providers (ITSP)
More informationMobicents 2.0 The Open Source Communication Platform. DERUELLE Jean JBoss, by Red Hat 138
Mobicents 2.0 The Open Source Communication Platform DERUELLE Jean JBoss, by Red Hat 138 AGENDA > VoIP Introduction > VoIP Basics > Mobicents 2.0 Overview SIP Servlets Server JAIN SLEE Server Media Server
More informationBasic Vulnerability Issues for SIP Security
Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future
More informationIP-Telephony SIP & MEGACO
IP-Telephony SIP & MEGACO Bernard Hammer Siemens AG, Munich Siemens AG 2001 1 Presentation Outline Session Initiation Protocol Introduction Examples Media Gateway Decomposition Protocol 2 IETF Standard
More informationMan-in-the-Middle Attack on T-Mobile Wi-Fi Calling
Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling Jethro Beekman Christopher Thompson Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2013-18
More informationTSIN02 - Internetworking
TSIN02 - Internetworking Lecture 9: SIP and H323 Literature: Understand the basics of SIP and it's architecture Understand H.323 and how it compares to SIP Understand MGCP (MEGACO/H.248) SIP: Protocol
More informationThe use of IP networks, namely the LAN and WAN, to carry voice. Voice was originally carried over circuit switched networks
Voice over IP Introduction VoIP Voice over IP The use of IP networks, namely the LAN and WAN, to carry voice Voice was originally carried over circuit switched networks PSTN (Public Switch Telephone Network)
More informationHow To Attack A Phone With A Billing Attack On A Sip Phone On A Cell Phone On An At&T Vpn Vpn Phone On Vnet.Com (Vnet) On A Pnet Vnet Vip (Sip)
Billing Attacks on SIP-Based VoIP Systems Ruishan Zhang, Xinyuan Wang, Xiaohui Yang, Xuxian Jiang Department of Information and Software Engineering George Mason University, Fairfax, VA 22030, USA {rzhang3,
More informationA Comparative Study of Signalling Protocols Used In VoIP
A Comparative Study of Signalling Protocols Used In VoIP Suman Lasrado *1, Noel Gonsalves *2 Asst. Prof, Dept. of MCA, AIMIT, St. Aloysius College (Autonomous), Mangalore, Karnataka, India Student, Dept.
More informationSecurity Issues of SIP
Master Thesis Electrical Engineering Thesis no: MEE10:74 June 2010 BLEKINGE INSTITUTE OF TECHNOLOGY SCHOOL OF ENGINEERING DEPARTMENT OF TELECOMMUNICATION SYSTEMS Security Issues of SIP MASTER S THESIS
More informationSIP and ENUM. Overview. 2005-03-01 ENUM-Tag @ DENIC. Introduction to SIP. Addresses and Address Resolution in SIP ENUM & SIP
and ENUM 2005-03-01 ENUM-Tag @ DENIC Jörg Ott 2005 Jörg Ott 1 Overview Introduction to Addresses and Address Resolution in ENUM & Peer-to-Peer for Telephony Conclusion 2005 Jörg Ott
More informationAsterisk with Twilio Elastic SIP Trunking Interconnection Guide using Secure Trunking (SRTP/TLS)
Asterisk with Twilio Elastic SIP Trunking Interconnection Guide using Secure Trunking (SRTP/TLS) With the Introduction of Twilio Elastic SIP trunking this guide provides the configuration steps required
More informationSecurity issues in Voice over IP: A Review
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu
More informationVoIP Phreaking Introduction to SIP Hacking. Hendrik Scholz hscholz@raisdorf.net http://www.wormulon.net/ 22C3, 2005 12 27 Berlin, Germany
VoIP Phreaking Introduction to SIP Hacking Hendrik Scholz hscholz@raisdorf.net http://www.wormulon.net/ 22C3, 2005 12 27 Berlin, Germany Agenda What is Voice Over IP? Infrastucture Protocols SIP attacks
More informationLawful Interception in P2Pbased
Lawful Interception in P2Pbased VoIP Systems Jan Seedorf (jan.seedorf_at_nw.neclab.eu) NEC Laboratories Europe Heidelberg, Germany July Page 2008 1-1 IPTCOMM 2008 Heidelberg, Germany Outline 1.
More informationInternet Working 15th lecture (last but one) Chair of Communication Systems Department of Applied Sciences University of Freiburg 2005
15th lecture (last but one) Chair of Communication Systems Department of Applied Sciences University of Freiburg 2005 1 43 administrational stuff Next Thursday preliminary discussion of network seminars
More informationA Lightweight Secure SIP Model for End-to-End Communication
A Lightweight Secure SIP Model for End-to-End Communication Weirong Jiang Research Institute of Information Technology, Tsinghua University, Beijing, 100084, P.R.China jwr2000@mails.tsinghua.edu.cn Abstract
More informationRequest for Comments: 4579. August 2006
Network Working Group Request for Comments: 4579 BCP: 119 Category: Best Current Practice A. Johnston Avaya O. Levin Microsoft Corporation August 2006 Status of This Memo Session Initiation Protocol (SIP)
More informationSIP Introduction. Jan Janak
SIP Introduction Jan Janak SIP Introduction by Jan Janak Copyright 2003 FhG FOKUS A brief overview of SIP describing all important aspects of the Session Initiation Protocol. Table of Contents 1. SIP Introduction...
More informationSIP: Ringing Timer Support for INVITE Client Transaction
SIP: Ringing Timer Support for INVITE Client Transaction Poojan Tanna (poojan@motorola.com) Motorola India Private Limited Outer Ring Road, Bangalore, India 560 037 Abstract-The time for which the Phone
More informationAn Introduction to. Voice over IP Security
An Introduction to Voice over IP Security July 2006 Holger.Zuleger@hznet.de 1. April 2006 Holger Zuleger 1/18 > c What is meant by secur ity? Preface Not address or topology hiding Not (D)DoS prevention
More informationConfiguring SIP Support for SRTP
Configuring SIP Support for SRTP This chapter contains information about the SIP Support for SRTP feature. The Secure Real-Time Transfer protocol (SRTP) is an extension of the Real-Time Protocol (RTP)
More informationSession Initiation Protocol (SIP)
Session Initiation Protocol (SIP) Introduction A powerful alternative to H.323 More flexible, simpler Easier to implement Advanced features Better suited to the support of intelligent user devices A part
More informationVoIP Secure Communication Protocol satisfying Backward Compatibility 1
VoIP Secure Communication Protocol satisfying Backward Compatibility 1 JOONGMAN KIM SEOKUNG YOON YOOJAE WON JAEIL LEE IT Infrastructure Protection Division Korea Information Security Agency 78, Garak-Dong,
More informationInternet Services & Protocols Multimedia Applications, Voice over IP
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dipl.-Inform. Stephan Groß Room: GRU314
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationMultimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS
Multimedia Communication in the Internet SIP: Advanced Topics Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS SIP and NAT NAT Concept NAT = Network Address Translation Share one IP address
More informationInternet Services & Protocols Multimedia Applications, Voice over IP
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail:
More informationApplication Notes for Configuring SIP Trunking between McLeodUSA SIP Trunking Solution and an Avaya IP Office Telephony Solution 1.
Avaya Solution & Interoperability Test Lab Application Notes for Configuring SIP Trunking between McLeodUSA SIP Trunking Solution and an Avaya IP Office Telephony Solution 1.0 Abstract These Application
More informationAdaptation of TURN protocol to SIP protocol
IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 1, No. 2, January 2010 ISSN (Online): 1694-0784 ISSN (Print): 1694-0814 78 Adaptation of TURN protocol to SIP protocol Mustapha GUEZOURI,
More informationVoIP Security regarding the Open Source Software Asterisk
Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de
More informationAGILE SIP TRUNK IP- PBX Connection Manual (Asterisk, Trixbox)
AGILE SIP TRUNK IP- PBX Connection Manual (Asterisk, Trixbox) 1. SIP TRUNK SETTINGS 1.1. Login to CID (Customer ID): https://manager.agile.ne.jp/login.php USERNAME Password 1.2. On the left most column
More informationStorming SIP Security Captions
Storming SIP Security Captions Listing 1. Running svwar with default options on the target Asterisk PBX./svwar.py 192.168.1.107 Extension Authentication ------------------------------ 502 reqauth 503 reqauth
More informationSIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd.
SIP SECURITY Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne WILEY A John Wiley and Sons, Ltd., Publication Foreword About the Authors Acknowledgment xi xiii xv 1 Introduction
More informationUnregister Attacks in SIP
Unregister Attacks in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Interdisciplinary Center Herzliya Email: {bremler,halachmi.ronit}@idc.ac.il Jussi Kangasharju Darmstadt University of Technology jussi@tk.informatik.tu-darmstadt.de
More informationSIP Trunking. Service Guide. www.megapath.com. Learn More: Call us at 877.634.2728.
Service Guide Learn More: Call us at 877.634.2728. www.megapath.com What is MegaPath SIP Trunking? SIP Trunking enables your business to reduce costs and simplify IT management by combining voice and Internet
More informationInternet Engineering Task Force (IETF) Request for Comments: 7088 Category: Informational February 2014 ISSN: 2070-1721
Internet Engineering Task Force (IETF) D. Worley Request for Comments: 7088 Ariadne Category: Informational February 2014 ISSN: 2070-1721 Abstract Session Initiation Protocol Service Example -- Music on
More informationVoIP Fraud Analysis. Simwood esms Limited https://www.simwood.com/ @simwoodesms Tel: 029 2120 2120
VoIP Fraud Analysis Simwood esms Limited https:/// @simwoodesms Tel: 029 2120 2120 Simon Woodhead Managing Director simon.woodhead@simwood.com INTRODUCTION Wholesale Voice (and fax!)! UK Numbering Termination
More informationSession Initiation Protocol (SIP) Chapter 5
Session Initiation Protocol (SIP) Chapter 5 Introduction A powerful alternative to H.323 More flexible, simpler Easier to implement Advanced features Better suited to the support of intelligent user devices
More informationAsymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)
Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption
More informationSIP ALG - Session Initiated Protocol Applications- Level Gateway
SIP ALG is a parameter that is generally enabled on most commercial router because it helps to resolve NAT related problems. However, this parameter can be very harmful and can actually stop SIP Trunks
More informationVoIP with SIP. Session Initiation Protocol RFC-3261/RFC-2543. Tasuka@Tailyn.com.tw
VoIP with SIP Session Initiation Protocol RFC-3261/RFC-2543 Tasuka@Tailyn.com.tw 1 Legacy Telephone 2 Legacy Telephone 2 Legacy Telephone 2 Legacy Telephone 2 Legacy Telephone 2 Legacy Telephone 2 Legacy
More informationTechnical Bulletin 25751
25751 Secure Real-Time Transport Protocol on SoundPoint IP Phones This technical bulletin provides detailed information on how the SIP application has been enhanced to support Secure Real-Time Transport
More informationIntroduction to VoIP Technology
Lesson 1 Abstract Introduction to VoIP Technology 2012. 01. 06. This first lesson of contains the basic knowledge about the terms and processes concerning the Voice over IP technology. The main goal of
More informationSIP for Voice, Video and Instant Messaging
James Polk 20050503 SIP for Voice, Video and Instant Messaging James Polk 20050503 Faisal Chaudhry fchaudhr@cisco.com Technical Leader Cisco Advanced Services Cisco Systems, Inc. All rights reserved. 1
More informationHacking Trust Relationships of SIP Gateways
Hacking Trust Relationships of SIP Gateways Author : Fatih Özavcı Homepage : gamasec.net/fozavci SIP Project Page : github.com/fozavci/gamasec-sipmodules Version : 0.9 Hacking Trust Relationship Between
More information